Enterprise content gateway

ABSTRACT

The disclosure relates to content delivery systems such as gateways for use in locations where the services of many end user devices are provided by a common management entity, such as hospitality, dormitory, healthcare, or other enterprise settings. The disclosure includes methods of initializing a gateway configuration and operating a gateway by ingesting content from a variety of signals (satellite, broadcast, cable, and IP), processing the content to have additional desired features, and reassembling content in various forms for delivery to individual end user devices.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a divisional of U.S. patent application Ser. No.15/722,643, filed Oct. 2, 2017, which is a continuation of InternationalPatent Application No. PCT/US2017/025114, filed Mar. 30, 2017, both ofwhich are hereby incorporated by reference.

BACKGROUND

Content delivery networks employ a variety of different transmissionmodes. For example, networks can employ broadcast, satellite, cable,and/or the Internet and IP-based transmissions. Each of thesetransmissions can have physical or practical limitations and may operateusing different transmission formats and protocols. Within eachtransmission medium, various types of information can be sent orreceived, including audio, video, audiovisual, telephony, or other formsof data. Additional complications can arise because a single serviceprovider may employ multiple delivery networks simultaneously, such as alegacy network in combination with a fiber-based IP (internet protocol)system.

Typically, several different devices would be needed to process andhandle content delivered through these different networks andtransmission modes. The expense and maintenance of equipment for each ofthese functions can be burdensome. This multiplication of devices iscompounded for certain enterprise customers that centrally manageservices provided for many end-user points, such as hotels, educationalinstitutions, multifamily housing, commercial buildings, hospitals,airports, or other multiple-dwelling units.

Enterprise customers may also desire to combine many differenttransmission modes for local delivery to its managed network using asmaller number of transmission modes and/or different transmissionmodes. For example, over-the-air television content could be combinedwith a network cable feed delivered over a hybrid-fiber network, withsubsequent delivery over coaxial cable within the enterprise customer'snetwork. A further complication is that both input and output may besubject to encryption or decryption problems. Enterprise customers mayhave additional desires to insert locally-generated programming into thecontent delivered into its network, such as local advertising, customdirectory or guide information, or coverage of events occurring on thepremises. All of these variations could require further additionalequipment to implement.

BRIEF SUMMARY OF THE INVENTION

The present disclosure provides a powerful fully two-way platform thatis adaptable to any enterprise service application. A gateway may beconstructed from a chassis that is populated with appropriate processingor service modules to target the detailed requirements for eachapplication. Subscription or network changes affecting the enterprisecustomer can be accommodated by reconfiguration of existing modules,replacement of existing modules with new modules, or installation of newmodules.

An enterprise content gateway includes a passive backplane configured toreceive a plurality of service modules, a power module, and a controlmodule. The backplane transfers power and provides data transferconnections between service modules and the control module. Servicemodules include an input module configured to demodulate a signal toprovide a transport stream to the backplane and an output moduleconfigured to receive transport streams from the passive backplane andproduce a modulated signal. The control module includes a webserverhosting a remotely-accessible control interface, sends control data tothe other modules, and receives monitoring data and transport streamsfrom the other modules. The control module identifies programs from thetransport streams to create a channel lineup and generates outputinstructions. In one implementation, the control module is also adaptedto receive a content feed from an external IP port, and may includeprograms from the content feed in the channel lineup and outputinstructions. Output instructions and the streams including the selectedprograms are routed to the output module which assembles an outputstream based on the instructions. Optionally, the control module cancreate multiple channel lineups for delivery through distinct outputmodules.

An enterprise content gateway may adapt to changes in the installedmodules and configurations with minimal service interruptions. Anewly-installed module sends an initialization message to the controlmodule, which is compared to a system configuration plan. The systemconfiguration plan may be stored in memory or received or updated fromthe control interface. The control module sends a control message to theservice module with instructions for processing a transport streamaccording to the system configuration plan. The system configurationplan may be modified from the control interface, and the control moduleidentifies service modules affected by the modification and propagatesnew control messages accordingly.

The enterprise content gateway also provides for improved communicationswith an external network. The gateway may collect data packages frommultiple devices within the enterprise network and aggregate those intomore aggregated packages that are transmitted through a single interfaceof the enterprise gateway. When used with an external networkcommunicating with RF signals, the gateway substantially reduces thenoise contribution that individual devices in the enterprise networkwould otherwise add to the external network. The gateway thereforeenables various expanded and extended network architectures.

The disclosure also relates to automatically detecting and recoveringfrom errors in a enterprise gateway setting. A system may load a systemconfiguration plan with information about the expected number and typesof input signals and receive an input from a service module. A signalstatus may be determined by comparing the input to the systemconfiguration plan. Errors in cryptographic processes may also bedetected. Errors of multiple types are reported and the systemidentifies unused resources which are available to correct the error(s).If an error persists, the spare resources may be deployed to correct theerrors and return the system to operations conforming with the systemconfiguration plan.

Other aspects of the disclosure relate to the detection and correctionof cryptographic errors in a conditional access system. Withoutcompromising security, a cryptographic engine may provide for a pollingor query interrogation for information relating to its key exchanges andcommunications. In response to the interrogation, the cryptographicengine reports a record of its communications with the conditionalaccess system. The record is evaluated against predefined rules and/orprior records for the detection of errors in key negotiations or storageprior to a cryptographic failure. Upon detecting the errors, a controlmessage is sent to the cryptographic engine to restart and/orreauthenticate and renegotiate key information with the conditionalaccess system. The restart may be delayed to minimize loss of service todownstream users.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a perspective view of an exemplary implementation of aninventive gateway.

FIG. 2 is a top view of the gateway of FIG. 1 with its top removed.

FIG. 3 is a block diagram of data processing in accordance with aninventive gateway of FIG. 1 .

FIG. 4 is a diagram of logical data partitioning in an inventivegateway, such as FIG. 1 .

FIG. 5A is a perspective view of a subassembly of the gateway of FIG. 1.

FIG. 5B is a cross-sectional view of FIG. 5A taken along the dashed lineB.

FIG. 6 is a block diagram of a processing function of an inventivegateway, such as

FIG. 1 .

FIG. 7 is a diagram of methods relating to error detection and recoveryin an inventive gateway, such as FIG. 1 .

FIG. 8 is a diagram of methods relating to error detection and recoveryin cryptographic engines relating to FIG. 7 .

FIG. 9 is a diagram of a network architectures enabled by use of aninventive gateway, such as FIG. 1 .

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 1. Structural andOperational Overview

As shown in FIG. 1 , a gateway 1 may be housed within a chassis 100adapted to mount in a conventional equipment rack (not shown). Forexample, chassis 100 may be four or five “rack units” high(approximately seven to nine inches) and nineteen inches wide, althoughthe chassis may be adapted to other configurations suitable forinstallation in a variety of settings. While different enclosures andconfigurations are compatible with the gateway, as shown here, thechassis 100 shown includes a top 101, louvered sides 102 with mountingsections 104, back wall 106 (see FIG. 2 ), a module support area 108,and a subchassis 110. The subchassis 110 may be removable from thechassis independent of the chassis's mounting to an equipment rack orother structure.

FIG. 2 illustrates a top down view of FIG. 1 with top 101 removed.Chassis 100 houses a backplane 120 supported by the back wall 106. Thebackplane 120 is adapted to receive a variety of modules includingcontrol modules 130, service modules 140, and/or power modules 150, andprovides data connections and power transfer between modules. Forexample, backplane 120 can be an Ethernet backplane providingmulti-gigabit data transport on a single bus. Each of modules 130, 140,and 150 are shown implemented on a blade structure 200 which extendsfrom front side toward backplane and contains or supports variousprocessing and communications hardware as discussed throughout thisdisclosure. Backplane 120 may be configured with uniformly spacedconnections to provide for any physical arrangement or sequencing ofmodules 130, 140, 150 or may be arranged to provide connections forspecific types of modules in set locations, or some combination. Forexample, as shown in FIG. 1 , relative to front of chassis 100, controlmodule 130 is installed on or toward left side and power module 150 isinstalled on or toward the right side, with service modules 140 inbetween. Even in this arrangement, however, connections for servicemodules 140 may be uniformly spaced such that they can be installed inany sequence.

Modules 130, 140, 150 can be constructed such that no externalconnections are required from the rear of the device. For example, inFIG. 1 , a service module 140 is shown with a coaxial outlet 142 on thefront side of the device. In a preferred implementation, the backplane120 can be a passive backplane in that it lacks active electronicscomponents. The lack of active components makes failure of the backplaneunlikely in service, which eases the burden on field-service and repairsas well as eliminates the need for accessing the backplane 120 or anymodule from the back of the gateway 1, providing more flexibility ininstallation. It is particularly helpful to ease of repair by replacingservice modules, that the more failure prone active components, such ashigh speed data handling components or computationally-intensive videoprocessing, are not present as a part of the backplane. In addition tosupporting and connecting modules 130, 140, 150, backplane 120 can beadapted to provide supporting and connections for data and powertransfer for an environmental unit 160 housed in subchassis 110 anddescribed below.

Control module 130 is in communication with all other modules, such asservice modules 140 in FIG. 1 , through connections with backplane 120.The control module 130 provides a central input and output signalconditioning, management, communication, monitoring, and control system.Control module sends control data to other modules; receives monitoringdata and transport streams from other modules; identifies programs forinclusion in a channel lineup; and creates instructions for assembling achannel lineup which are routed to an output module 140 (describedfurther below). As shown here, control module 130 may be equipped withan IP port 133, or multiple such IP ports. Optionally, IP inputs mayalso be provided in a separate service module described more fullybelow. Control module 130 may include indicators 131 such as LEDs orother signaling means to indicate status of components and/or functionsof the gateway 1. Control module 130 may also be configured to performvarious methods, either alone or in combination with other modules, asdescribed further below.

Power module 150 features two power supply sockets 152 for redundant,independent power sources, and transfers power to the other modulesthrough backplane 120. The gateway may be implemented with dual powersupplies, each with sufficient capacity to supply the other modules.Redundant power supplies may be equipped with auto-failover features toprevent outages or service interruptions. Power module 150 may beequipped with a dedicated fan unit 156 for heat dissipation. Powermodule 150 may be configured to report monitoring or alert informationto control unit 130 via interconnects 122 and data paths 124, such as analert when one power supply fails or is disconnected and anauto-failover event occurs. Control unit 130 may be configured toevaluate the monitoring and alert information and, as needed,automatically order service or relay information to the controlinterface or a remote monitor.

As shown most clearly in FIGS. 5A and 5B, the subchassis 110 may housean environmental module 160 that regulates airflow throughout thegateway 1. Environmental module 160 may be equipped with an air filter162 and a fan assembly 164. Fan assembly 164 includes fans 166 and maybe equipped with both power and data connections 168 to backplane 120.Fan assembly may be configured to report power usage, temperature,and/or fan speeds to control module 130. In operation, the use ofmultiple fans 166 in fan assembly 164 provides redundancy againstindividual component failure. Moreover, in conjunction with theremovable subchassis 110, in the event of a failure of one or more fans166, advantages to repair servicing are obtained. The control module 130may monitor fan speed and temperature reports and identify a failure sothat alerts can be generated and repair services ordered. For repair andreplacement purposes, the fan assembly 164 with its multiple fans ishot-swappable similar to the manner described above with respect toservice modules 130. As an alternative to quickly replacing the entirefan assembly 164 and subchassis 110 with a duplicate while the gatewaysystem is operational, the subchassis 110 can be removed and the entireenvironmental module 160 within it, or an individual fan within it, maybe replaced prior to reinstalling subchassis 110 into the chassis 100.

Repair operations can be accomplished while the gateway 1 continues toprocess signals and route content so that enterprise users do not loseservice unless the sensed temperature reaches an unacceptable levelbefore the fan assembly 164 is replaced. The speed of removal andreinstallation avoids adverse temperature effects on the hardware inmodules 130, 140, 150. As shown in FIGS. 1 and 2 , environmental modulemay be substantially oriented perpendicular to the orientation ofmodules 130, 140, 150. One environmental module 160 therefore mayservice multiple or all modules simultaneously.

In FIG. 3 , control module 130 of FIG. 1 can be defined in relation toswitch functions 136 and processing functions 138, and is shown withdata interconnects 122 to backplane 120 as well as an optionalinput/output signal 139. Implementation options include using anintegrated circuit for switch functions 136 while using fieldprogrammable gate arrays (FPGAs) for processing functions 138, althoughother processor types and combined hardware/software solutions would beavailable. Backplane 120 may provide unique paths 124 between controlmodule 130 and each service module 140. For example, each path 124 maybe a 2.5 Gb Ethernet connection that is independent of the other paths124. The processing functions 138 include an operating system, webserverproviding a control interface, monitoring and control messaging, andoptionally external network communications. In connection with managingthe routing of data between service modules, switch functions 136 mayprovide firewalled data partitioning among different types of datawithin the system, such as logical VLAN partitioning. For example, inFIG. 4 , boundary 400 illustrates the distinction between physical andlogical data partitioning in any given blade, where a path 124 of FIG. 3represents the physical connection that is available between the controlmodule 130 and a given service module 140. Control module 130 may assignseparate partition labels to, for example, common control andconfiguration data 410, external network data 420, multimedia transferdata 430, or other categories 440. Data partitioning has severalbenefits, including enhanced security (e.g., isolating external datafrom control processes and settings) and lowering the data rate requiredfor the backplane to service any given service module 140.

Illustrated in FIG. 3 , service modules 140 can be defined in relationto standard module functions 145 and specialized module functions 146.Standard module functions include an operating system, networkconnectivity with the backplane such as Ethernet connections, aprocessor capability, and a webserver. An illustrated implementationprovides all of these functions on a physical blade structure 200 (suchas with 130, 140 and 150) terminating with a data interconnect 122 (FIG.2 ). A given service module 140 may have an associated input/outputsignal 149. Each service module 140 is connected to control module 130through dedicated data path 124. The service module webserver isconfigured to supply a module-specific control interface to the controlinterface, and may also supply alert and monitoring information specificto the service module 140. A preferred implementation uses FPGAs on eachservice module. By processing with FPGAs, less power is consumed (andless heat generated) than with a standard microprocessor. FPGA bladesalso provide reliable data connectivity with an Ethernet backplane.

Service modules 140 are usually “hot-swappable,” meaning that they canbe replaced without powering down other components of the gateway andminimize any loss of service associated with replacement. Likewise, thesystem can be reconfigured so that the hot-swappable service modules areimmediately reassigned to process data according to a new configuration.Upon installing a service module 140, the service module may send aninitialization message to the control module. An initialization messagemay include identification, capacity, type, and status information forthe service module. Information from the initialization message may becommunicated to and displayed on the control interface. The controlmodule compares the initialization message to a stored systemconfiguration plan. If the service module is compatible with theprocessing needs of the plan, then the module may be placed intoservice. The control module may send a control message to the servicemodule including instructions for processing data based on the systemconfiguration plan. Instructions for processing data will typicallyrelate to a transport stream according to the various types of modulesdiscussed in detail below, and control module may route a transportstream to the service module for handling. If the service module iscompatible with the plan but there are other resources already providingthe compatible functions, the service module may be designated a “hotspare” as discussed further below. Alternately, the compatible servicemodule may reduce the load on the previously-functioning moduleperforming the same function. Thus, excess processing capacity may beprovided to enhance services within the enterprise network, for example,by providing higher-quality content. A user may request to modify thesystem configuration plan using the control interface. In response tosuch a request, the control module may modify the stored systemconfiguration plan and identify one or more service modules affected bythe request, for example by comparing the newly stored configurationplan to the previously-stored configuration plan.

The control interface of the control module is configured to communicatewith the module-specific webserver, and provides a centralauthentication system for command-and-control of the individual modules.The control interface will receive and recreate the module-specificcontrol interface from the module-specific webserver. When a change to aconfiguration is recorded in the control interface, the control modulemay identify each affected service module and send control datacommunicating the change. The control module webserver may receivemonitoring data and/or alerts from each respective module-specificwebserver, which may be available through or displayed in the controlinterface.

Returning to FIG. 3 , a second service module 140′ is illustrated, withstandard module functions 145′, specialized module functions 146′ (andoptionally input/output signal 149′), which may or may not differ fromservice module 140, depending on the specific application. Servicemodule 140′ may be of a different type than service module 140. However,service module 140′ may be of the same type as service module 140, yetconfigured to process data in different ways, or configured to processdifferent sets of data. Having completed a discussion of standard modulefunctions above, specialized module functions 146 and 146′ are describedherein below in connection with the many different module types that canbe employed in an inventive gateway.

2. Service Module Types and Processing Options

Input service modules are provided in a variety of types based on theincoming signals that will require processing. One example is a QAMinput module, which is adapted to receive QAM-modulated signals througha coaxial cable connected through the front of the module and furtherconfigured to demodulate such signals to digital transport streams thatcan be provided to other modules via the backplane 120. A QAM inputmodule includes multiple full-band-capture QAM tuners. Optionally, a QAMinput module may include a cryptographic engine that decrypts digitalchannels as part of a conditional access system, such as the CableCARD™system that is commercially available. Each QAM input module may beoutfitted with multiple, multi-stream decryption cards (referred to asan “M-CARD”), each of which is capable of decoding up to six channelssimultaneously. Each M-CARD may be received in a physical pocket on theblade that provides data connectivity with the blade. In oneimplementation, the blade may be equipped with four pockets, eachcapable of receiving an M-CARD, for a total of twenty-four simultaneousprogram decryptions. In response to instructions received from thecontrol module 130, the blade may route demodulated data through thepocket and corresponding cryptographic engine for decryption to anunencrypted transport stream. Although the QAM input module may beadapted to support use of a cryptographic engine, it may be configuredto process data without using that function. For example, in response toinstructions received from control module 130, the blade can bypass agiven pocket and provide a transport stream to the backplane withoutapplying any decryption. Alternatively, a pocket could be filled with adummy or relay card that simply transfers data back to the blade withoutapplying a cryptographic function.

Another input module type is an ATSC input module. The ATSC input moduleis adapted to receive 8VSB-modulated signals such as broadcast signalsfrom an external antenna that is connected to the front of the modulevia a coaxial cable. The ATSC input module is configured to demodulatesuch signals to digital transport streams that can be provided to othermodules via the backplane 120. In one implementation, the ATSC inputmodule is equipped with four independent tuners that can simultaneouslydemodulate four input signals for further processing. Each ATSC signalincludes Program and System Information Protocol (PSIP) tables thatinclude metadata about the programs in the transport stream, such aschannel information and electronic program guide information. The ATSCtuner may be configured to provide PSIP data along with the transportstream to the backplane for further processing or delivery through anoutput module. Optionally, PSIP data may be processed separately forcreation of a customized channel line-up and/or customized electronicprogram guide.

Another input module type is a satellite input module, which is adaptedto receive a modulated signal from an external satellite receiverconnected through the front of the module and further configured todemodulate such signals to digital transport streams that can beprovided to other modules via the backplane 120. A satellite inputmodule may be configured to process either or both of 8PSK- orQPSK-modulated signals.

Another input module type is a local input module, which may be adaptedto receive a high-definition program or other content from one ofseveral inputs on the front of the module, and configured to deliver atransport stream to the backplane 120. Locally-generated content can beutilized in variety of ways. For example, locally-generated content canbe continuously delivered to the backplane for use in a dedicatedprogram/channel for delivery within the enterprise network. Examples ofsuch uses could be a hotel directory and service information, a campustelevision or radio station, an advertising vehicle, or livetransmission of nearby events. Locally-generated content could be queuedin memory for discrete delivery. Local input module may be configured tostore one or more locally-generated programs received from the inputs ina buffer or carousel, and subsequently play out one or more of suchprograms in response to a request from control module 130. For example,local advertising can be inserted into content streams to augment oroverwrite other portions of programs as they are delivered within theenterprise network.

Service modules may also be in the form of output-generating modules,such as a QAM output module. The QAM output module is configured toreceive output instructions from the control module and transportstreams via the backplane and assemble an output transport stream basedon the output instructions. Optionally, QAM module may also include adigital up-converter and/or digital IP-to-QAM converter functionalityfor enhanced processing of the received transport streams. The outputtransport stream can then be modulated to an output signal that istransmitted through, for example, a coaxial connection on the front ofthe QAM module. In implementations, the QAM output module may generatethirty-two (32) QAM-256 or sixty-four (64) QAM-256 carriers, dependingon application needs.

Another type of service module is a DOCSIS module compatible the DOCSIS3.1 and/or Full Duplex DOCSIS 3.1 suite of specifications. A DOCSISmodule may be configured to receive output instructions from the controlmodule and transport streams via the backplane and assemble an outputtransport stream based on the output instructions, and may have enhancedprocessing functions such as those described above for the QAM outputdevice. The output transport stream can then be modulated to an outputsignal that is transmitted through, for example, a coaxial connection.In implementations, the DOCSIS module may generate QAM-4096 carriersutilizing Orthogonal Frequency Division Multiplexing (OFDM). The DOCSISmodule may also be adapted to receive modulated signals compliant withthe DOCSIS 3.1 specifications through a coaxial cable connected throughthe front of the module and further configured to demodulate suchsignals to digital transport streams that can be provided to othermodules via the backplane 120.

Another service module type is an IP module, which is adapted to sendand receive data from an Internet Protocol (IP-based) network, such asthe Internet or a Local Area Network (LAN), through an IP port 143 ofFIG. 1 (such as Ethernet) located on the front of the module.Optionally, an IP module may be adapted to receive alternate networkingconnection formats, such as fiber optic, small form-factor pluggable(SFP), or even coaxial. The IP module may be configured to serve avariety of functions in an IPTV system, similar to those described aboveregarding the IP functions of the exemplary control module 130. IPmodule may be configured to extract transport streams or specificprograms from an IP input, ranging from a large-scale service providerfeed to a locally-generated content feed. IP module may be configured toprovide a dedicated route for a particular type of content, for examplevideo-on-demand services. IP module may be configured to providesupplementary data to other service modules. IP module can also beconfigured to function as an output module or a simultaneousinput/output module. IP module may be equipped with a cryptographicengine, for example, DTCP-IP stream encryption, to securely delivercontent to end devices within the enterprise network. Othercryptographic engines, such as commercial systems available fromVerimatrix, Inc., industry standards like DVB-Simulcrypt, or otherstandardized security protocols, may be compatible with IP module.

Service modules may also include cryptographic modules to encrypt ordecrypt transport streams separately from any particular input or outputmodule. A cryptographic module may be configured to add encryption atthe transport stream level, for example up to sixty programs using thecommercially available Pro:Idiom system. An encrypted transport streamis then redelivered to the backplane for further processing, and theencrypted transport stream can thereafter be delivered within theenterprise network via multiple output modules or formats, such as IPand QAM outputs, or, as described above, as part of different programpackages delivered to different subnetworks of the enterprise. Acryptographic module can also be in the form of a Digital RightsManagement (DRM) module. The DRM module may be configured to act as aclient managing a variety of content permissions and deviceverifications using multiple DRM systems and protocols.

Service modules 140 may also include a guide module which is configuredto process guide information from a variety of sources and provide acustom program guide for the enterprise's channel lineup. For example, aguide module may be equipped with an IP port input that receiveselectronic program guide (EPG) data from an external network. The guidemodule may also be configured to extract PSIP-EPG data from a transportstream available through the backplane, or may be provided PSIP-EPG dataindependently of transport stream. Either of these sources or both canbe inserted into a content transport stream as a supplement orreplacement to any guide data already included in the stream. The guidemodule may also be configured to use EPG data to generate an audiovisualprogram describing and displaying the content of the EPG guide data. Forexample, the available program titles and descriptions can be displayedin a scrolling or flip-page chart that is then converted to a program ina transport stream that is delivered to other modules via the backplane.Alternately, the visual guide can be generated and superimposed on orcombined with video from another program, such as for examplelocally-generated content described above. The visual guide program canbe customized to include images, advertisements, or specific stylingsuch as fonts and colors according to the preferences of the enterprisecustomer.

3. Exemplary Application in an Enterprise Setting

Modules of several different types may be combined to provide variousservices in an enterprise network. For example, FIG. 6 is a blockdiagram of the inventive gateway 1 in relation to various externalcontent networks 610 and the managed enterprise network 690. Satelliteinput 612 is processed through satellite demodulator 622 to providetransport streams 632. Likewise, cable input 614 is demodulated by acable demodulator 624 to provide transport streams 634, and over-the-airinput 615 is demodulated by demodulator 625 to provide transport streams635. As discussed above, these demodulation processes may optionallyinclude decryption processing. Transport streams 632, 634, 635 areprovided to program and packet routing functions 650.

External IP network 616 can function as both an input to and output fromthe gateway 1, depending on the delivered services, and can do sosimultaneously. For example, IP network 616 may provide audiovisualprogramming which can be decoded by IPTV module function 626 to provideadditional transport streams 636 to routing functions 650. IP network616 may also provide two-way communications through enterprise modemfunction 627, such that individual end user devices within theenterprise network 690 receive customized data services 637. Dataservices 637 may include essentially any IP traffic, such as generalInternet traffic, video-on-demand (VOD) services, or over-the-top (OTT)services. The IP network 616 may also provide information specificallyto gateway 1 that is not for delivery to end user devices. As a specificexample, guide modem function 628 may receive guide data 638 from IPnetwork 616. Control interface 629 may send and receive management andmonitoring information 639 over an external IP network 616 or a localdelivery 619. In accordance with the various input modules availablehaving different physical network connections, IP network data 616 maybe received over various forms, such as fiber, small form-factorpluggable, Ethernet, or coaxial cable. Again, cryptographic processingand/or digital rights management (DRM) functions can be applied to anyof the sources as required by the content provider.

The central routing function 650 handles both transport streams and IPdata. Routing function 650 receives management information 639 such assystem configurations and module-specific configurations and settingsthrough communications with control interface 639. Routing function 650provides transport streams to output functions along with instructionsfor processing. For example, transport streams 672 may be sent to anencrypted modulator 682 while transport streams 674 may be sent tomodulator 684 for delivery without an additional encryption step. Alongwith the streams, modulator functions 682, 684 receive instructions forwhich programs from the streams to include in outputs 692 and 694,respectively, and are configured to select packets from the streams 672,674 corresponding to programs identified in the instructions. Bandwidthon output signals 682 and 684 may therefore be conserved, andsubscription limits may be enforced, as unauthorized programs can beeliminated from the signals that are delivered within the enterprisenetwork 690. Modulator functions 682, 684 may also be equipped withadditional functionality, such as upconversion and transcoding, as maybe suitable to a particular installation.

Routing function 650 sends and receives user IP data 678 to and fromcable modem termination system (CMTS) function 688 for delivery over IPoutput 698 within the enterprise network 690. User IP data 678 caninclude transport stream programs 636 that were received from an IPsource for delivery, but may also include programs from non-IP sourcessuch as satellite, cable, or broadcast streams (632, 633, 634,respectively). User IP data may also include data service 637 such asVOD and OTT programming, as well as general Internet traffic. CMTSfunction 688 may provide IP outputs with or without additionalencryption or DRM protections, according to user configurations. CMTSmay also be configured to relay user data from enterprise network 698back upstream as part of user IP data 678 for subsequent processing androuting through function 650.

Also illustrated in FIG. 6 is an additional modulator function 684′.Similar to the description previously in connection with FIG. 3 ,modulator functions 684 and 684′ may be identical devices but can beconfigured to supply different content on output signals 694 and 694′.For example, the respective transport streams 674 and 674′ supplied toeach may differ, or the instructions received from routing function 650may identify different programs for selection, or the instructions mayinclude differences, or any combination of the preceding options. Thus,different sets of content can be provided to different subsets of anenterprise network through the use of the single inventive gateway 1. Asthe outputs supplied over each delivery method are fully-customizable, asingle gateway 1 may also be implemented to service multiple enterprisenetworks 690. For example, two hotels could be located in proximity buthave different subscriptions. Rather than each property maintainingtheir own (sets of) equipment, the gateway 1 may be configured to supplyeach property with its own unique channel lineup through distinct outputmodules.

Variations of the installation described in FIG. 6 are alsocontemplated. For example, fewer input methods may be used. A gatewaymay be implemented to combine local over-the-air programming with acommercial cable programming feed supplied over coaxial or fibernetworks. Locally-generated content can be delivered to the enterprisenetwork, but without otherwise substantially modifying the content feedsreceived from external providers, for example by inserting a new channelinto a cable television channel lineup. The gateway can be implementedwithout two-way IP communications, such that end user devices are notconnected to the Internet or other external networks through thegateway, and instead the gateway provides a one-way supply of content(from various sources), such as non-interactive television programming.The gateway can be implemented without traditional modulators, insteadproviding all content using IP within the enterprise network.

4. Upstream Isolation, Noise Suppression, and Network Architectures

Referring to FIG. 9 , in a typical hybrid-fiber coaxial (HFC) cablenetwork, the service provider's cable modem termination system (CMTS) islocated at a head-end and acts as a bridge between Internet/Ethernet andcoaxial cable RF interfaces within the HFC network. In between thehead-end and an end user's cable modem, the traditional HFC networkdelivers RF or optical signals over coaxial or fiber lines throughfacilities known as hubs and/or nodes. Each cable modem (or likedevices, such as a set-top box) sending modulated signals upstreamthrough the HFC generates noise, which is summed at the variousprocessing locations, including a node. In order for the individualupstream signals to be reliably processed at the head-end they mustmaintain a sufficient signal-to-noise ratio, so facilities are limitedin the number of upstream paths that are combined in order to cap thenoise aggregation. For example, a typical service provider node mayservice approximately 250 locations. Adding a single enterpriseinstallation, such as a hotel with 200-300 rooms, could overwhelm theexisting node with the noise generated by so many additional devices andrisk of loss of service unless substantial investment is made in theinfrastructure for additional nodes and/or CMTSs by the HFC network. Theenterprise gateway may be configured to address this problem.

Referring to FIG. 6 , the combination of enterprise modem function 627,routing function 650, and CMTS function 688 may be configured toaggregate external network traffic. For example, routing function 150may receive multiple requests for a VOD or streaming data service.Rather than immediately supply each of these requests upstream to anexternal content provider by repeating and/or summing the RF signalsthat are received from the enterprise network 690, the routing function150 may collect several requests that are then sent, packaged together,upstream to external IP network 616, though the enterprise modem 628.Other types of user IP data 678 can be similarly packaged, includingessentially any Internet traffic. In an implementation, the enterprisenetwork 690 may include, for example, a plurality of set-top boxes (STB)and/or modems throughout a facility. Each STB/modem provides an upstreammodulated RF signal through a medium (typically coaxial cable) to thegateway 1. The CMTS function 688 can demodulate each to digital packets.These packets are then aggregated in routing function 650 andremodulated through enterprise modem function 627. From the perspectiveof the external IP network 616, the inventive gateway 1 acts as a singleendpoint (a high-capacity modem) for purposes of adding noise to theexternal network 616. Thus, the gateway 1 solves the multipoint-to-pointnoise aggregation problem inherent in HFC networks.

As seen in FIG. 9 , the gateway 1 may also be used to extend and/ormodify existing HFC network architectures. The capacity of a given nodecan be expanded. For example, multiple gateways can be deployed inparallel to substantially increase the number of locations serviced by agiven HFC node, as seen in gateways 1 and 3 in FIG. 9 . Each gateway canconvert multiple upstream signal paths to one, so that, for example, ahotel with several hundred rooms can be serviced by two or threegateways rather than requiring nodes to be added to the HFC network.Multiple gateways can also be deployed in series, as illustrated withgateways 1 and 2 in FIG. 9 . For example, an enterprise may havefacilities that are not serviced by or inaccessible from existing trunklines on the service provider's HFC network. Since a gateway may beadapted to communicate over many different transmission modes, if anytransmission line can be extended to the inaccessible facility, then agateway can be adapted to seamlessly service the additional facilitywithin one centrally-managed enterprise network.

5. Error Detection and Handling

The flexible enterprise gateway system also implements robust errordetection, handling, and recovery processes to minimize serviceinterruptions. Illustrated in FIG. 7 , a source manager function 700 maybe implemented within control module 130. The source manager function700 loads a system configuration 711 in step 710, either from memory 713or in response to user input supplied through control interface 715.System configuration 711 includes information about the expected numberof input streams and the source, format, and delivery method for each.Loading step 710 may be repeated in timed intervals or may bereinitialized in response to configuration changes made through thecontrol interface 715. In monitoring step 720, the source managermonitors the status of signal sources, optionally in timed intervals.Source manager may receive information 721 about signals such as tunerswithin service modules 140 such as QAM input module or ATSC input moduledescribed above. Signal information 721 can include a signal-to-noiseratio to evaluate signal source status. Monitoring step 720 can alsoinclude steps of evaluating 725 a decryption process from acryptographic engine, for example by determining, on a pass/fail basis,whether the engine is decrypting streams by inspecting a decryptedstream. The status of a cryptographic engine can also be evaluated inconnection with polling 727 the cryptographic engine's communications,as described more fully below in reference to FIG. 8 . In step 729, thestatus of an IP stream may be detected by inspecting packets received,and timing and bitrate may be used to determine stream presence. Inaddition to detecting stream presence, monitoring step 720 includesfunctions for monitoring health or correctness of streams.

Referring to FIG. 8 , a cryptographic engine 810 may be a standalonemodule function or as part of other module processing, such as a QAMinput module described above. Keying information is provided to thecryptographic engine as part of a conditional access system and may bemanaged by a third-party such as a content provider (e.g., televisionnetwork, streaming provider) or service provider (cable, satellite,fiber network operator). Key data is used by the engine to convert inputdata to output, such as decrypting an encrypted stream to a plaintextsuitable for further processing. Frequently, as part of a conditionalaccess system, a customer, such as an enterprise customer using aninventive gateway, is not provided direct access to key data. Instead,key information is stored in a secure area. Without such access, it maybe more difficult to monitor streams for proper handling, includingwithin the inventive methods described above. Such systems are prone tosudden, unexpected failures where communications between thecryptographic engine and the conditional access system are interrupted,causing service interruptions to the enterprise customer and/or endusers within the enterprise network. For example, a provider mayperiodically change keys to ensure content remains protected and onlyavailable to authorized customers. However, such key changes arecommunicated in advance, such that conditional access system maynegotiate new key data prior to expiration of current key. As thecurrent key remains valid for some time, the engine may continue tosuccessfully decrypt or encrypt data, and a failure in thecommunications is not detected until after the current key expires.

A cryptographic engine 810 and conditional access system protocol mayprovide for interrogation of the engine 810. In response to a query orpoll in step 820, cryptographic engine 810 will report a record 835relating to its key communications in step 830. Although key data 805may not be reported, the report may indicate when the key data was lastupdated, or how many times the engine has communicated with theconditional access system, such as, for example, that communicationsrelating to key data have occurred two times in the past twenty-fourhours. In an extreme example, the cryptographic engine may report thatit has never been in communication with the conditional access system.These records can indicate an error state in the engine. However, suchan error may be limited to the engine's memory and/or communicationswith the conditional access system, as discussed above, and thecryptographic engine may continue to function properly prior toexpiration of the key. Upon detecting an error state in step 850, acontrol message 865 can be sent to the cryptographic engine 810 toinstruct it to restart, reinitialize and/or reauthenticate with theconditional access system. When the key communication error is detectedprior to cryptographic failure, restarting the engine can be scheduledor delayed to minimize service interruptions to the enterprise customerand/or end user devices in the enterprise network in optional step 860.For example, the restart can be delayed to a predefined time, such asthe middle of the night. A low usage time may also be determined by amonitoring process 854, and the automatic restart can be delayed until ausage communication 855 is received from the monitoring process 854.

In step 850, the record of key communications can be evaluated to detectan error state prior to the cryptographic failure in several ways. Forexample, the record can be compared to predefined rules in step 851. Onerule, as noted above, could require a restart if the cryptographicengine reports that it has no record of key communications. Another rulecould require a restart if the record reflects that the communicationsfall below a certain frequency threshold. The frequency threshold may beset based on the particular conditional access system employed, or couldbe predefined threshold subject to adjustment through the controlinterface. Optionally, after polling the cryptographic engine, a controlprocess may store the record of key communications in step 840. Thecontrol process may periodically interrogate the engine, such that a newrecord of key communications is received. The new record may be comparedto the stored record to determine a state of the engine in step 853. Forexample, if the new record indicates a drop in the frequency ofcommunications relative to the prior record, an error state may bedetected. Alternately, if inconsistencies are detected between therecords such as, for example, the key communications are recorded asbeing received at different times, an error state may be detected. As afurther option, a predefined rule may require a periodic automaticrestart of the engine. Such a scheduled restart may prevent suddenfailures as described above, and may be used in combination with theother error detection techniques described herein. Predefined rules andstored record comparisons may be used in the alternative or incombination, and may be further subject to a hierarchical or prioritizedordering or weighting in evaluating the state of the cryptographicengine.

Returning to FIG. 7 , source manager function 700 provides for errorhandling and recovery in recovery step 730. Errors including signalloss, signal impairment such as RF signal weakness, decryption failures,and cryptographic engine service failures may be detected in monitoringstep 720 as described above. Upon detection of an error, recovery step730 reports cause of failure loss, if determinable, through controlinterface 715 in step 731. In the recovery step 730, multiple proceduresare available to recover the signal. The function may wait for aconfigurable time period while continuing to check the source status instep 732. If the signal source is recovered (e.g., a temporaryobstruction of an antenna is removed, upstream signal resumes), nofurther recovery steps are necessary. If not, additional recoveryprocedures may be executed after the configurable time period.

Recovery step 730 continues with the identification of hot spares instep 734. Hot spares may be used to supply additional resources andpotentially recover the signal. Due to the modular nature of gateway 1,an installation may be configured with excess capacity relative to aparticular application. All excess resources are considered “hot spares”for purposes of the recovery process. For example, a redundant set ofQAM input modules may be installed. As another example, a cryptographicmodule may have unused processing resources. Hot spares may beidentified by comparing the loaded system configuration 711 to theinstalled modules and their assigned data load relative to theirprocessing capacity. Alternatively, hot spares may be identified bypolling service modules. Optionally, the process 734 for identifying hotspares is executed during the configurable time period for waiting instep 732. Then, once the time period expires, a compatible hot spareresource can immediately be dispatched to acquire or correct the signalin step 736.

After recovery steps 730, the source manager function 700 proceeds todiagnostic step 740. The original (failed) signal source may beidentified as needing maintenance in step 741 and reported to controlinterface 715. However, not all failures will require maintenance. Forexample, loss of physical layer link such as Ethernet indicates ahardware failure requiring maintenance, as is loss of RFpeak-signal-to-noise ratio (PSNR) below a specified threshold for aspecified time, where both the threshold and the time are userconfigurable. An operator may also manually designate the source asneeding maintenance or field service through the control interface 715in step 743. Conversely, maintenance may not be necessary if a modulerestart is in progress, or a PSNR is fluctuating (which may indicate atemporary obstruction). For example, if a cryptographic enginereestablishes authentication into a conditional access system, asdescribed above, no additional maintenance is necessary. If the failedsource is determined as not requiring maintenance, it may be designatedas a hot spare 735 for future use in step 745.

The invention claimed is:
 1. A method for processing signals in agateway adapted to send and receive data from an external network,comprising: demodulating a signal in a first input service module toprovide an input transport stream to a backplane in the gateway;identifying programs from the input transport stream and generating anoutput instruction corresponding to a channel lineup in a controlmodule; routing the output instruction and the input transport streamfrom the control module to a first output service module; assembling anoutput transport stream in the first output service module by selectingfirst packets from the input transport stream, wherein the outputinstructions guide appropriate programs to include in the outputtransport stream; and sending the output transport stream from the firstoutput service module to an internal network.
 2. The method of claim 1,wherein the backplane is a passive backplane.
 3. The method of claim 1,wherein the control module receives a content feed from an external (IP)internet protocol port, further comprising: sending at least a portionof the content feed from the control module to the first output servicemodule; and inserting second packets from the portion of the contentfeed into the output transport stream.
 4. The method of claim 3, whereinsending the output transport stream from the first output service moduleto an internal network comprises modulating the output transport streamto a QAM (quadrature amplitude modulation) output format.
 5. The methodof claim 1, further comprising: receiving electronic program guide datafrom the input transport stream; generating a guide video programdisplaying the received electronic program guide data corresponding tothe programs identified in the output instructions; assembling a secondinput transport stream including the guide video program and sending thesecond input transport stream to the first output service module; andinserting second packets from the second input transport stream into theoutput transport stream.
 6. The method of claim 1, comprising: receivinga plurality of data packages from downstream devices within the internalnetwork; combining the plurality of data packages into an aggregatepackage; sending the aggregate package through a single modem interfaceto the external network.
 7. The method of claim 1, comprising:identifying programs from the input transport stream and generating asecond output instruction corresponding to a second channel lineup inthe control module; routing the output instruction and the inputtransport stream from the control module to a second output servicemodule; assembling a second output transport stream in the second outputservice module by selecting second packets from the input transportstream, wherein the second output instructions guide appropriateprograms to include in the second output transport stream; and sendingthe second output transport stream from the second output service moduleto the internal network; wherein the second output transport streamcontains at least one program not in the output transport stream.
 8. Themethod of claim 1, further comprising: encrypting the output transportstream prior to sending the output transport stream from the firstoutput service module to the internal network.
 9. The method of claim 6,comprising: demodulating a plurality of RF signals from the internalnetwork, wherein the plurality of data packages are extracted from theplurality of demodulated RF signals.
 10. The method of claim 6, whereinthe downstream devices include a second gateway.
 11. The method of claim10, wherein the second gateway is adapted to send and receive RF signalsin both upstream and downstream directions.